Next-Generation Firewall Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Device Certificate Issues.

Hi Friends,

One of our customer is facing issues in fetching the device certificate on a PA-410 device running on PAN OS 11.0.4-h2.

We are logging into the CLI of the firewall with Super User credentials and try to fetch the certificate with the

...

Resolved! PA-440 dns-security

Greetings,

I really want to configure the following field on the PA-440 correctly.

Do you think it is correct?

Resolved! Block access to countries outside the GlobalProtect VPN

Good morning, reviewing the GlobalProtect logs I see brute force attacks from outside my country Spain. I have tried to create security policies that prevent these attempts but none have matched. In the portal configuration (external) I have tried ...

PA-450 is not booting

Hi everyone,

We are currently configuring a new Palo Alto PA-450 and the device is no longer accessible by web management and over console.

At the first power on booting has been done normally and all led was blinking fine. We started access the We

...

Validation Error for High availability

The error message when commiting is:

Validation Error:
deviceconfig -> high-availability -> group -> state-synchronization unexpected here
deviceconfig -> high-availability -> group -> state-synchronization is invalid

I configured high availability usi

...

synchronize google organizational units to PAN

hello team:
Is there a way to sync organizational units from google to Palo alto?
or from Device > Authentication profile > advanced > allow list > all
Greetings.

#paloalto

Advertised static route on BGP over IPSEC.

Hi all,

I have established BGP peer.

I've created redistribution profile with interface that i want to advertised to BGP

The subnet directly connected to interface could be reached/ appear in local RIB

My next objectives :

I have point-to-point f

...

Firewall CLI showing call history

Hi,

We running command show user mapping on our firewall PA5410 with PANOS 10.2.9-h1.

Have anyone see this error? it always show when we running show ip user mapping all / with filter

tried other command like show system info and show system disk-spa

...

Resolved! Alternative Way for IPsec Tunnel in Palo Alto 850

Hello Team,

As I am studying Palo Alto and am a newbie, I have created a lab setup where I use BGP peering between a PA 850 and ISPs. The PA's IP, used for BGP peering, is also used for the IPsec tunnel. I discovered a vulnerability where an ISP ou

...

Resolved! upgrade FW (PA-3420)

Hello dear team,

I would like to upgrade my firewall to a stable version. Currently, my version is (11.0.4-h1). Can you please advise on the best and most stable version to upgrade to, based on your experience?

Thank you.

Block Facebook app except Messenger or facebook chat on Mobile

When Pushing SDWAN config to fw got this error: pan_routed_cfg_altcfg_add_if(tunnel.902) failed

I am trying to do a SDWAN push for a newly imported fw. The interfaces is not existing on fw.
It comes from another PN also configured with SDWAN, moved to new one and all except SDWAN config copied and working. Then added fw into SDWAN device and exi

...

Upgrade path from PANOS 9.0.17-h5 to 10.1.13-h1

Hi Experts,

I'm going to upgrade from PANOS 9.0.17-h5 to 10.1.13-h1. Could you please advise me the download and install path. Additionally, Tell me how many reboots. It would require reaching out to 10.1.13-h1.

Moreover, can you please help

...

Amber LED on PA3220

Hi All,

I am getting amber LED on the firewall PA3220.

Observed alarm is active for Temperatur : Qumran Switch Core. Can anyone know what is causing this issue and how to resolve. all other alarms are False only this alarm is true.

show system e

...

Decryption failed

Hi guys ,

PA820 . OS Version 10.2.9-h1

I am try using the decryption function to see more application information
I generated the CA certificate from PA and imported it locally.

From the decryption log, I saw many errors with various URLs.
Can anyon

...

Next-Generation Firewall Discussions

Discussions

Welcome to the Next-Generation Firewall Discussions!

Rules and Best Practices

Device Certificate Issues.

Resolved! PA-440 dns-security

Resolved! Block access to countries outside the GlobalProtect VPN

PA-450 is not booting

Validation Error for High availability

synchronize google organizational units to PAN

Advertised static route on BGP over IPSEC.

Firewall CLI showing call history

Resolved! Alternative Way for IPsec Tunnel in Palo Alto 850

Resolved! upgrade FW (PA-3420)

Block Facebook app except Messenger or facebook chat on Mobile

When Pushing SDWAN config to fw got this error: pan_routed_cfg_altcfg_add_if(tunnel.902) failed

Upgrade path from PANOS 9.0.17-h5 to 10.1.13-h1

Amber LED on PA3220

Decryption failed

Plugin Issues with PA-410

PA-1410 - Web Management - Cannot Open in Other Computer

Normal mode failure. Software-integrity self-tests failed - files changed

Package manager upgrade failures to certain sites

openSSH version 9.8 or later in PAN-OS

Re: Anyone with exp in Firewall PAN-OS SD-WAN without panorama for VPN S2S Dual ISP ?

Re: URL category for anydesk

Re: HA Configuration Issue with Panorama-Managed Firewall with reason TCP channel failed ,reverting configuration.

Re: Cortex XDR EDL

Re: PA-1410 - Web Management - Cannot Open in Other Computer

Unlock your full community experience!

Next-Generation Firewall Discussions

Rules and Best Practices

Resolved! PA-440 dns-security

Resolved! Block access to countries outside the GlobalProtect VPN

Resolved! Alternative Way for IPsec Tunnel in Palo Alto 850

Resolved! upgrade FW (PA-3420)